[Git][security-tracker-team/security-tracker][master] 2 commits: Marked CVE-2022-38531 affecting gpac as EOL for buster LTS.

Ola Lundqvist (@opal) opal at debian.org
Wed Sep 7 19:19:33 BST 2022 


Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc036e00 by Ola Lundqvist at 2022-09-07T20:13:18+02:00
Marked CVE-2022-38531 affecting gpac as EOL for buster LTS.

- - - - -
d9e1d291 by Ola Lundqvist at 2022-09-07T20:19:12+02:00
Marked a few more CVEs as no-dsa since we have limited support for golang in buster.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3911,6 +3911,7 @@ CVE-2022-38531
 CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a sta ...)
 	- gpac <unfixed>
 	[bullseye] - gpac <no-dsa> (Minor issue)
+	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://github.com/gpac/gpac/issues/2216
 	NOTE: https://github.com/gpac/gpac/commit/4e56ad72ac1afb4e049a10f2d99e7512d7141f9d
 CVE-2022-38529 (tinyexr commit 0647fb3 was discovered to contain a heap-buffer overflo ...)
@@ -20724,6 +20725,7 @@ CVE-2022-32148 (Improper exposure of client IP addresses in net/http before Go 1
 	- golang-1.17 1.17.13-1
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
+	[buster] - golang-1.11 <no-dsa> (Limited support)
 	NOTE: https://github.com/golang/go/issues/53423
 	NOTE: https://github.com/golang/go/commit/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a (go1.19rc1)
 	NOTE: https://github.com/golang/go/commit/ebea1e3353fa766025aa5190b9c7cc05cf069187 (go1.18.4)
@@ -25081,6 +25083,7 @@ CVE-2022-30635 (Uncontrolled recursion in Decoder.Decode in encoding/gob before
 	- golang-1.17 1.17.13-1
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
+	[buster] - golang-1.11 <no-dsa> (Limited support)
 	NOTE: https://go.dev/issue/53615
 	NOTE: https://github.com/golang/go/commit/6fa37e98ea4382bf881428ee0c150ce591500eb7 (go1.19rc2)
 	NOTE: https://github.com/golang/go/commit/fb979a50823e5a0575cf6166b3f17a13364cbf81 (go1.18.4)
@@ -25102,6 +25105,7 @@ CVE-2022-30633 (Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.
 	- golang-1.17 1.17.13-1
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
+	[buster] - golang-1.11 <no-dsa> (Limited support)
 	NOTE: https://go.dev/issue/53611
 	NOTE: https://github.com/golang/go/commit/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08 (go1.19rc2)
 	NOTE: https://github.com/golang/go/commit/2924ced71d16297320e8ff18829c2038e6ad8d9b (go1.18.4)
@@ -25112,6 +25116,7 @@ CVE-2022-30632 (Uncontrolled recursion in Glob in path/filepath before Go 1.17.1
 	- golang-1.17 1.17.13-1
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
+	[buster] - golang-1.11 <no-dsa> (Limited support)
 	NOTE: https://go.dev/issue/53416
 	NOTE: https://github.com/golang/go/commit/ac68c6c683409f98250d34ad282b9e1b0c9095ef (go1.19rc2)
 	NOTE: https://github.com/golang/go/commit/5ebd862b1714dad1544bd10a24c47cdb53ad7f46 (go1.18.4)
@@ -25122,6 +25127,7 @@ CVE-2022-30631 (Uncontrolled recursion in Reader.Read in compress/gzip before Go
 	- golang-1.17 1.17.13-1
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
+	[buster] - golang-1.11 <no-dsa> (Limited support)
 	NOTE: https://go.dev/issue/53168
 	NOTE: https://github.com/golang/go/commit/b2b8872c876201eac2d0707276c6999ff3eb185e (go1.19rc2)
 	NOTE: https://github.com/golang/go/commit/8e27a8ac4c001c27713810b75925aa3794049c48 (go1.18.4)
@@ -34044,6 +34050,7 @@ CVE-2022-27664 (In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attack
 	- golang-1.17 <unfixed>
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
+	[buster] - golang-1.11 <no-dsa> (Limited support)
 	NOTE: https://groups.google.com/g/golang-announce/c/x49AQzIVX-s
 	NOTE: https://github.com/golang/go/issues/54658
 	NOTE: https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/390de28532cb0a86b39b1772e3496369a4c7fa66...d9e1d2912d7c20d15d5447e31324de688633f1e1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/390de28532cb0a86b39b1772e3496369a4c7fa66...d9e1d2912d7c20d15d5447e31324de688633f1e1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220907/f66064f5/attachment.htm>

More information about the debian-security-tracker-commits mailing list